Google was the victim of a phishing hack. It was a good one, and a nice guy by the name of Zach Latta actually posted the process on his twitter account as a video: https://twitter.com/zachlatta/status/859843151757955072/photo/1
"A click on the button loaded the Google Accounts website. Users who use multiple accounts on Google are asked to select one to grant permissions.
A click on the name of the developer, Google Docs, reveals right on that page that something is not right. Instead of setting an official Google email or address there, third-party developer information was listed on the page.
The next page highlights the requested permissions. In this case:
- Read, send, delete, and manage your email
- Manage your contacts
If you hit allow on the page, you give the attacker access to your Gmail email messages, and all of the contacts. The latter will likely result in even more phishing emails being sent out...
Google has blocked the account in the meantime, removed the fake pages, and pushed updates to Safe Browsing on top of all that.
Google users who gave permissions to the attacker should remove the Google Docs entry from the application permissions page on the Google website. This page highlights all apps that you have granted permissions to.
Google recommends that users run the company's Safety Checkup tool on top of this." - gHacks
Don't feel bad if you were hacked.
I wasn't approached, but I wouldn't have accepted the doc from a person I didn't know. The problem is, once a person is infected, the person's contacts may become targets as well (i.e. a spear-phishing attack) receiving a doc from that person or someone else, from you. Also, I changed my password anyway. Not a big deal.
Follow the links in the gHacks article to check if you were hacked...and clean up your permissions page.
Sources linked:
https://www.ghacks.net/2017/05/04/fell-prey-to-google-docs-phishing-scam-do-this/?_m=3n%2e0038%2e1998%2ehj0ao01hy5%2e22xf
https://twitter.com/zachlatta/status/859843151757955072/photo/1